
I think it's awesome that this free open-source software project can count on the devotion of its developers during harsh times like these. Everybody that works at an exchange and everybody submitting patches to all the projects out there: you are awesome. <3

BTC-E updated their wallet client yesterday to resolve the bug. Took about 1 hour. It was working perfectly before they updated it, but I guess as an exchange they want to be extra sure, so they patched their wallet. I requested a 0.1 BTC withdrawal 3 hours ago; it's in my wallet now.

There are still speed issues on the network due to the DoS working on miners using outdated clients, but that's not going to go away until the attacker goes away, really. Not sure what "working round the clock" will really do to resolve that... unless we have Bitcoiners in the FBI?

Business as usual tbqh, just with slower transaction times than usual.

How many alt coins are potentially susceptible to transaction malleability DOS attack? My understanding is that many are based on the BTC code. Is the only reason they're not being attacked is because they're small compared to BTC?

Well Andreas is much better at being a real person to the community while Gox is a pain that can't communicate. There are no reasons to like gox but Andreas is an ok guy even if you don't like his power.

I think the core devs more blamed Gox for being vulnerable (or at least saying they may be vulnerable) to double-withdraws based on changed tx id by malleability.

It's my understanding that after that, coordinated and pervasive attacker(s) started mutating every transaction they could, aggravating known issues (maybe exposing some new ones? I don't think so) in the bitcoin-qt client. Edit: So, you could maybe fault the developers for leaving a ticking time bomb that was basically just waiting for script kiddies to learn about malleability and cause a bit of confusion. But blaming Gox, if undiplomatic, was about a separate issue.

No it wasn't; it was the exact same issue. The devs that responded had the very simple attitude of "not my problem, Jack", blamed MtGox, then had to hilariously scramble to eat humble pie and fix the very hole MtGox complained about.

Gox said they may have lost money due to double withdrawals and blamed it on malleability. Developers said it was ultimately Gox's fault because it had been known for years and had a simple workaround that can only be effectively addressed by Gox, not the protocol. (The developers are pretty sure it is impossible to stamp out all ECDSA mutations, or at least to be sure you have.)

Reportedly users of bitcoind/bitcoin-qt are now having more minor issues due to people attacking everyone, not just Gox. Do you have proof that it is causing double-pay losses like Gox's bug? I am 95% sure if you are using the unmodified reference wallet you aren't losing money, and that's why I say it's a separate issue, even if it has a similar root cause. I'd be interested to hear a reason for otherwise though.

Think of it this way: let's say someone sends out a phoney email to a targeted individual claiming that they need to log into such and such account over some security issue. They make this email entirely convincing and manage to steal the individual's credentials and money. Then the criminals think to themselves, "gee, that really worked, let's send out a thousand of the same emails to other people!" But just as they are hitting the send button the previously robbed individual sends out an email to everyone warning them of the threat. Consequently, no one else is fooled because they all know what to expect. That is essentially what happened here. Everyone received the same email and everyone was just as subject to receiving it as everyone else, but only the first guy was actually fooled by it.

Everyone more or less was affected by the transaction malleability attack, but only the first guys were actually fooled by it. Those first guys were MtGox, and they ended up giving the attackers a lot of money apparently. But as far as I can tell it wasn't because of anything unique about their software, it was just that they were the first victims and so the only ones to whom the con actually worked against.

Interesting points, though I think it lies somewhere between what you said and what /u/left_one said -- Gox got bit first and served to warn some others, but given how plenty of other services are not affected it seems they could also be said to be one of the last to fix their system against an issue that has been known for years.

I said that about users to draw distinction between Gox losing money by double-paying, and most average users who are not subject to any such pitfall. The reference wallet (and most others?) will update your balance correctly even in the presence of mutated confirmed transactions.

All of this has shown that this issue of transaction malleability needs to be fixed in Bitcoin itself. Patching up the client software will certainly help, but there are so many holes that can still be exploited. Whether Gox was more incompetent or just the victim of a more focused attack . . . who knows. It is really beside the point. The real problem is that as long as this issue exists, there will be more attacks, using unanticipated techniques.

Well, it seems the devs aren't sure malleability can ever be completely stopped ("we have no solid idea if ECC signatures are or are not malleable on a fundamental level"). So, I think a two-pronged compromise is the best we can do: mitigate the problems ordinary wallet users have been experiencing in the widespread attacks of the last few days, and get developers to stop thinking the tx hash is immutable.

I'm no expert but it seems the basic attacks we're seeing are stoppable both from a technical standpoint (sipa's BIP) and from the political part, of everyone being willing to upgrade their nodes. Getting a normalized tx id, or otherwise tracking the unforgeable essence of a transaction rather than the unconfirmed version, will still be necessary to guard against the chance that further malleability is discovered later. So people like MtGox may as well implement it now, even if the network and protocol seem to address it too.

You are getting your order mixed up. MtGox weren't the first people to be fooled by it, they were the last people to modify their transaction system to account for the malleability vulnerability.

Other exchanges noticed that their wallets were not reporting information consistently and then shut down their withdrawals. MtGox noticed that they were losing money because they didn't properly track transactions on top of the malleability issue. Big difference. In one case, exchanges didn't process transactions because the info wasn't being reported consistently; in the other, MtGox processed incorrect transactions unknowingly.

Unless you think that mtgox should only check transaction IDs when verifying transactions then sure. It's just that all the other exchanges already moved past that paradigm where they are checking for a more accurate tuple of info.

Well, that is what I am saying, MtGox processed the transactions unknowingly, and everyone else shut things down before they did. I doubt that this was because everyone else was tracking their transactions in a more rigorous manner than Gox. If exchanges like Bitstamp had such rigorous tracking of transactions, why did they shut down withdrawals?

What transaction malleability does is it allows you to fake zero confirm transactions. It allows you to pretend a payment occurred when it didn't, or didn't occur when it did. The possibilities for fooling people with this power are endless. Now, of course, if you wait long enough -- like, days -- eventually it all gets sorted out. I know my Enjoy Sochis are finally disappearing one by one. But within that time frame so much mischief can occur.

For example, I could walk into a coffee shop that accepts bitcoin, pay for a coffee, mutate the transaction, and then buy three more coffees and a cake with the change from that previous transaction. Since the initial transaction was mutated, the 2nd payment is invalid, yet by the time the owners of the coffee shop realize that, I am long gone. That is, unless coffee shops are going to demand a single confirmation -- i.e., 10 minutes -- before they will give you your drinks.

This problem is huge and cannot simply be patched up by forcing the standard wallets to only make payments from confirmed sources, because nothing is stopping the malicious individual from writing his or her own wallet software.

The problem is with bitcoin itself, and it needs to be fixed. And not only because it needs to be fixed, but because bitcoin needs to prove that it is capable of evolving.

No, mtgox shut down first. They shut down because they've been incorrectly booking transactions. mtgox publicly blamed it on an issue in bitcoin that, while known, was not seen as a pressing issue. Other bitcoin exchanges weren't tracking based upon the transaction ID solely. They used a tuple of in, out and txid confirmed, which defeats the attack. That's the current workaround and also a general best practice.

Since then someone and/or something is exploiting this vulnerability on a purposefully disruptive scale. They've pushed the protocol's tolerance for this issue to an extreme and are forcing the developers to come up with the solution. Bitstamp's problem isn't that they were being tricked by your attack and booking. They can't process their transactions because they are unable to return enough confirmed tuples.

At most mtgox's big stink has led to enough awareness of the issue for someone else to take it to the extreme. Don't confuse that with everything else you've written. I don't think anyone is denying the problem exists, but this ddos issue is not what mtgox suffered from.

I kinda pointed this out earlier. Writing a bunch doesn't change any of that. Did you read mtgox's statement? The first one? or the edit? Maybe there are more edits now. I stopped checking because it doesn't matter.
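The tuple workaround described in the comments above (in, out and txid confirmed) and the normalized txid mentioned later in the thread both rest on one fact: the txid is a hash of the whole serialized transaction, scriptSig included, and a relaying node can rewrite a scriptSig without the private key. The following is an added example, not code from the thread or from any exchange or client discussed in it. It builds a legacy-format transaction with constructed placeholder bytes for the signature, public key and prevout (not real keys or signatures), re-encodes one push with OP_PUSHDATA1 (the same stack result, different bytes), and shows that the txid changes while both a normalized txid (scriptSigs blanked) and a (prevouts, outputs) tuple stay the same. The `should_resend` rule at the end models an automatic re-send of "failed" withdrawals keyed either way; the function and field names are this example's own.

```python
# Added example (not from the thread): why a txid is malleable, and two
# ways of identifying a payment that survive malleation. Keys, signatures and
# scripts below are constructed placeholder bytes, not real ones.
import hashlib
import struct


def dsha256(data):
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()


def varint(n):
    if n < 0xFD:
        return bytes([n])
    if n <= 0xFFFF:
        return b"\xfd" + struct.pack("<H", n)
    if n <= 0xFFFFFFFF:
        return b"\xfe" + struct.pack("<I", n)
    return b"\xff" + struct.pack("<Q", n)


def push(data):
    """Canonical (shortest) push for payloads shorter than 76 bytes."""
    assert len(data) < 0x4C
    return bytes([len(data)]) + data


def push_noncanonical(data):
    """Same payload via OP_PUSHDATA1: identical stack result, different bytes.
    Any relaying node can rewrite a push this way without holding the key."""
    assert len(data) <= 0xFF
    return b"\x4c" + bytes([len(data)]) + data


def serialize_tx(version, inputs, outputs, locktime):
    """Legacy (pre-segwit) serialization.
    inputs:  (prev_txid_le, vout, script_sig, sequence)
    outputs: (value_satoshi, script_pubkey)"""
    raw = struct.pack("<i", version) + varint(len(inputs))
    for prev, vout, script_sig, seq in inputs:
        raw += prev + struct.pack("<I", vout)
        raw += varint(len(script_sig)) + script_sig + struct.pack("<I", seq)
    raw += varint(len(outputs))
    for value, spk in outputs:
        raw += struct.pack("<q", value) + varint(len(spk)) + spk
    return raw + struct.pack("<I", locktime)


def txid(raw):
    """Double-SHA256 of the whole serialization, displayed byte-reversed."""
    return dsha256(raw)[::-1].hex()


def normalized_txid(version, inputs, outputs, locktime):
    """Hash with every scriptSig blanked: unaffected by signature/push rewrites."""
    stripped = [(p, v, b"", s) for p, v, _, s in inputs]
    return txid(serialize_tx(version, stripped, outputs, locktime))


def spend_key(inputs, outputs):
    """The (prevouts, outputs) tuple the thread describes: which coins are
    spent and where they go, independent of how the spend was signed."""
    return (tuple((p, v) for p, v, _, _ in inputs), tuple(outputs))


# Constructed sample values (placeholders, not a real signature or key).
SIG = b"\x30\x44\x02\x20" + b"\x11" * 32 + b"\x02\x20" + b"\x22" * 32 + b"\x01"  # 71 bytes
PUBKEY = b"\x02" + b"\x33" * 32                                                    # 33 bytes
PREV = b"\xaa" * 32                                                                # prior txid
P2PKH = b"\x76\xa9\x14" + b"\x44" * 20 + b"\x88\xac"                               # recipient


def demo():
    inputs = [(PREV, 0, push(SIG) + push(PUBKEY), 0xFFFFFFFF)]
    outputs = [(50_000_000, P2PKH)]
    # What a third party relays: one push re-encoded, nothing else touched.
    mutated_inputs = [(PREV, 0, push_noncanonical(SIG) + push(PUBKEY), 0xFFFFFFFF)]

    sent = serialize_tx(1, inputs, outputs, 0)
    relayed = serialize_tx(1, mutated_inputs, outputs, 0)
    return {
        "txid_sent": txid(sent),
        "txid_relayed": txid(relayed),
        "ntxid_sent": normalized_txid(1, inputs, outputs, 0),
        "ntxid_relayed": normalized_txid(1, mutated_inputs, outputs, 0),
        "same_spend": spend_key(inputs, outputs) == spend_key(mutated_inputs, outputs),
    }


def should_resend(sent_id, confirmed_ids):
    """Auto-resend rule: fire when what we sent is not seen confirmed.
    Keyed by txid it fires on every malleated withdrawal (a double payment);
    keyed by normalized txid or spend_key it does not."""
    return sent_id not in confirmed_ids


def resend_decisions():
    d = demo()
    naive = should_resend(d["txid_sent"], {d["txid_relayed"]})
    robust = should_resend(d["ntxid_sent"], {d["ntxid_relayed"]})
    return naive, robust
```

`demo()` returns two different txids for the same spend and identical normalized txids; `resend_decisions()` returns `(True, False)`, i.e. the txid-keyed ledger would pay the withdrawal a second time and the normalized-keyed one would not. Non-canonical pushes are only one malleation vector (signature encoding changes are another), which is why a reconciliation key that excludes the scriptSig entirely is safer than trying to canonicalize it.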

And indeed they are. When one or another tx gets in the blockchain the other one is treated as invalid. The software works just fine. It's just that while waiting for confirmations you might be confused, because somebody else is double spending your money (but to the same receiving address)... and your client rightly lets you know about that. But as soon as one or the other tx is in a block, everything sorts itself back out because now the software knows which one is the "real" one.

Additionally, the qt client doesn't let you spend unconfirmed transactions, which means your money is always locked up anyway while this is being sorted out.

In short, the qt software works just fine, just as it should.

And in other words, "Transactions are always tracked properly by the Bitcoin-Qt/bitcoind software" is still an accurate statement.


Yes, but my comfort might conflict with yours. A drug addict's comfort might conflict with mine. Etc. The problem with anarchy is, and always has been, that not everybody is willing to behave responsibly and with due care for others.

Why would a drug addict's comfort conflict with yours? You're probably afraid that the drug addict will rob you for your money to buy his or hers "medicine", but there are a lot of possible, peaceful solutions to that conflict.

You can never guarantee that individuals are rational (or good -- sometimes being rational and doing "the right thing" may be different) all the time, but you can reasonably expect that a large group of selected individuals, through consensus, will reach rational and ethical decisions -- with ethics as defined by the selection rules. The drug addict example is a good illustration to this.

This is essentially law of large numbers from statistics -- average out the behaviors and get something stable.

I think it was sjura who brought up peace. Personally, I think war is inevitable whenever two parties claim ownership over the same thing. While a peaceful resolution would cost them less, that doesn't mean they won't try and kill each other. My understanding of anarcho-capitalism is that since market forces minimize cost we would see more peaceful resolutions than anything the state could dictate.

If you're sending more than one transaction in less than 10 minutes, you're affected by this. Any transaction that contains change from the previous one can be orphaned permanently if the first one was mutated.

I didn't misread it. I don't know how many people currently need to send more than one transaction in a 10 minute period, but with micropayments coming in the near future I'd rather have this fix than not have it. Also, someone is DOSing the network as a direct result of this bug, a problem which affects us all.

It's really no surprise to those who actually know what anarchy is. If you've ever met up with friends and decided where to hang out - that's anarchy (unless, of course, you have some douchey "friend" who coerces everyone into going where they want to go).

Given that anarchy concerns the freedom of the individual rather than simply coming to a mutually acceptable conclusion (.. democracy?), all deciding to go to the places of individual preference would be a better example.

This is all well and good, but how do you implement that on a larger scale? I think we would have adopted a system like you describe long ago if it were feasible. The problem is that with a small group you can easily leave if you don't want to go with the group consensus, but if the group is an entire country walking away is impractical.

Implement the NAP (Non-Aggression Principle). The point you make is exactly the problem: i.e. someone else deciding what's in my best interest. Democracy is often described as 2 wolves and a sheep voting on what to have for dinner.. :/

You don't need to go anywhere to implement this, just tell everyone that "what's mine is mine, and what's yours is yours, and what you do with your stuff your business. But the moment you come on my property and start telling me what I can and can't do with my stuff, then we have a problem."

So hey, you're not the first person ever to come up with this stuff. In fact, you're about 160 years behind the times. What you're describing is called "pseudoconsensus," and there are many ways to mitigate it (anonymous strawpolling, generous amendment periods, inclusionary decision procedures, and much more).

I would suggest you do some reading about how anarchism addresses such concerns rather than have us reinvent the wheel, here.

ANARCHISM (from the Gr. ἀν-, and ἀρχή, contrary to authority), the name given to a principle or theory of life and conduct under which society is conceived without government - harmony in such a society being obtained, not by submission to law, or by obedience to any authority, but by free agreements concluded between the various groups, territorial and professional, freely constituted for the sake of production and consumption, as also for the satisfaction of the infinite variety of needs and aspirations of a civilized being. In a society developed on these lines, the voluntary associations which already now begin to cover all the fields of human activity would take a still greater extension so as to substitute themselves for the state in all its functions. They would represent an interwoven network, composed of an infinite variety of groups and federations of all sizes and degrees, local, regional, national and international, temporary or more or less permanent - for all possible purposes: production, consumption and exchange, communications, sanitary arrangements, education, mutual protection, defence of the territory, and so on; and, on the other side, for the satisfaction of an ever-increasing number of scientific, artistic, literary and sociable needs...

[continued at the link above]

I assure you, anarchy/ism is generally quite orderly, as it was in Revolutionary Catalonia during the Spanish Civil War, or as it is in an ant colony - or an open-source software project - today. A dictionary is welcome to say whatever it would like, but in this case, throughout history, it is just plainly incorrect.

I don't think the dictionary (by definition the authoritative word on the subject) is wrong, but just that you might be thinking of a different term, maybe decentralized or peer-to-peer or flat hierarchy?

No, what I'm describing is the consensus definition used by actual anarchists and social scientists for nearly two hundred years. The dictionary is, in fact, wrong, or is choosing to neglect the political definition in favor of the informal descriptive use the term has in pop media.

I should point out that dictionaries are quite often wrong. It's not unreasonable to suspect some manner of political shenanigans at play, as well, as there are enormous interests invested in keeping people ignorant about radical ideologies.

The public at large has profoundly negative knee-jerk reaction to the concept of anarchy. Most people use the word incorrectly as well. If your goal is to advance the adoption of bitcoin, you should avoid actively associating the term. Know your audience.

On the other hand, there is definitely an "anti-circlejerk" (not just on the net) phenomenon, where people, after hearing a phrase used in a knee-jerk way over and over again, begin to question whether the knee-jerking is appropriate. Like "america is the best country in the world," "communism is bad", "terrorists are the number one threat to this country", etc. The term "anarchism" could have a renaissance of positive meaning.

OK, since you're making such a bold statement, then please correct what I've understood wrong thus far. My understanding is that someone is broadcasting transactions with changed data (TX id or something, not anything critical, but it makes some wallet implementations confused if they use the original copy of the transaction). If you have just one server doing this, I don't see how you can manage to get enough penetration. For this to work on a large scale you need to have broadcasting servers (i.e. full nodes) around the network. One would not be enough.

I don't get it. Surely you can't add the same transaction twice into a block. So do miners keep both transactions (until one gets verified) or just the one they saw first? My guess is they keep only the first.

To have good penetration you need to be all around the network. Otherwise the original will be too widely distributed before your altered copy gets too far.

I know it's just a matter of semantics but it's not really a DDoS just because multiple nodes might be partaking. DDoS is intended to describe situations where something like a botnet is leveraged to attack using the power granted by the number of nodes, that one node could not otherwise do on its own. In this case, just one node is all that's needed (until it's blacklisted or something by other nodes), in which case another single node could be enlisted.

OK, Mr. Semantics, I work in IT and regularly deal with DoS and DDoSes; educate me.

it's not really a DDoS just because multiple nodes might be partaking

To be specific, Dynamic means constantly rotating IPs, so blocking at an IP level is useless; then yes, it is a DDoS. It can be done with a single node but is more effective with a group.

As I was helping several businesses deal with this over the last week I can definitely confirm it was Dynamic and not a static attack.

DDoS is intended to describe situations where something like a botnet is leveraged to attack using the power granted by the number of nodes

No, not at all. DDoS describes a Dynamic Denial of Service as opposed to the usual static method (single node). Yes it is common that DDoS and bandwidth flooding usually go hand in hand but it is not the bandwidth that makes it a dynamic attack.

In this case, just one node is all that's needed

In this case it was multiple nodes, it looked to me like a popular botnet was deployed with a lightweight bitcoin node to do specifically this attack. This is not and never has been a case of a single node broadcasting malformed txids, but mass amounts of nodes doing so.

Ok fair enough, I didn't realise that such a term existed for exploiting the imbalance in server and client processing needs.

After further reading I've come to the conclusion that it's an unfortunate choice of acronym given the better known and more widely used choice of DDoS to mean distributed - as in using network nodes to overwhelm at the request level.

You work in IT with these things and failed to point out the differentiation - a rather important one.

You work in IT with these things and failed to point out the differentiation - a rather important one.

Sorry :) and to be fair I was actually thinking of distributed (admission of guilt !!!). When I was working back on ISP's in the late 90's early 00's DoS was our biggest worry and DDoS was a fairly new (and very difficult) problem to tackle.

Dynamic & Distributed were both tossed around as terms before the industry (evidently) settled on Distributed for botnet brute-style attacks.

For myself, who had to tackle these attacks on a Cisco AS5200, dynamic seemed correct: for every block of IPs we/Telstra would shunt off, a whole wave of new IPs would fire up and attack us.

It's one of several. My impression though is that it's not completely clear what, if anything should be changed in wallet clients.

The big issue right now is in the architecture of exchanges, so I do think you're half right. Withdrawal procedures, and by implication any custom software on exchanges, has to correctly account for these potential txid alterations.

As for completely removing transaction malleability, that seems to be a far off goal (if at all), from what I've read the last couple of days.

That's pretty much correct. It's kind of a quick fix. However, I think you should be able to spend your unconfirmed change to self, because it makes bitcoin slightly easier to use... but I think for that to happen now you would have to make bitcoin-qt smart enough to handle the occasionally malleated transaction or (better, but perhaps harder to do) fix the underlying problem with malleability.

Last night, it looked like sipa was providing a way to do the former (with a normalized txid), which is probably a good stopgap measure.

One thing that waiting for confirmation does do is prevent somebody from ascertaining which address is change and which is the payment... so it increases privacy marginally.

It's a behavior that I can alter myself without relying on the devs. Just wait for a single confirmation of a spend before executing a new spend. Probably sucks for high volume traders, but I'm not one of those, so I'm good.

A nice fix would be to allow it, and if a duplicate transaction with a changed ID is detected, rebroadcast the spend with the new TxId as an input. This way, both versions of the transaction are available to miners, and one will be valid.
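The coffee-shop scenario and the "orphaned change" point raised earlier in the thread, together with the rebroadcast-against-the-new-txid fix proposed just above, come down to one validation rule: every input must name an output that exists in the confirmed UTXO set, and a malleated parent confirms under a different txid than the one the child names. The following is an added example, not code from the thread or from any client discussed in it. Txids here are hand-chosen labels rather than hashes so the chain of events stays readable; the validity rule, the orphaning and the rebuild are modelled faithfully, and the class and function names are this example's own.

```python
# Added example (not from the thread): a spend of unconfirmed change becomes
# invalid when its parent is malleated, and the rebuild-against-the-new-txid
# fix. Txids are labels chosen by hand instead of hashes; the validity rule is
# the real one (every input must reference an existing unspent output).
from dataclasses import dataclass


@dataclass(frozen=True)
class Outpoint:
    txid: str
    index: int


@dataclass(frozen=True)
class Tx:
    txid: str
    inputs: tuple   # of Outpoint
    outputs: tuple  # output values in satoshi


class Chain:
    def __init__(self, utxo):
        self.utxo = dict(utxo)  # Outpoint -> value, the confirmed set

    def confirm(self, tx):
        """Mine tx if it is valid against the current UTXO set."""
        if any(op not in self.utxo for op in tx.inputs):
            return False  # references a missing or already-spent output
        if sum(self.utxo[op] for op in tx.inputs) < sum(tx.outputs):
            return False
        for op in tx.inputs:
            del self.utxo[op]
        for i, value in enumerate(tx.outputs):
            self.utxo[Outpoint(tx.txid, i)] = value
        return True


def inputs_confirmed(tx, chain):
    """The mitigation the thread settles on: only spend (or accept) a
    transaction whose inputs all exist in the confirmed set."""
    return all(op in chain.utxo for op in tx.inputs)


def rebuild_child(child, old_parent_txid, new_parent_txid):
    """Re-point the child's inputs at the parent txid that actually confirmed.
    A real rebuilt child must be re-signed and gets a new txid of its own,
    because the input outpoint is part of what is signed and hashed."""
    new_inputs = tuple(
        Outpoint(new_parent_txid, op.index) if op.txid == old_parent_txid else op
        for op in child.inputs
    )
    return Tx(child.txid + "-rebuilt", new_inputs, child.outputs)


def coffee_shop_scenario():
    chain = Chain({Outpoint("coinbase", 0): 100})
    pay1 = Tx("p1", (Outpoint("coinbase", 0),), (30, 70))   # 30 to shop, 70 change
    pay2 = Tx("p2", (Outpoint("p1", 1),), (40, 30))          # spends unconfirmed change
    unsafe_at_zero_conf = not inputs_confirmed(pay2, chain)  # p1:1 not confirmed yet

    # A relaying node rewrites pay1's scriptSig: same coins, same outputs, new txid.
    pay1_mutated = Tx("p1-mut", pay1.inputs, pay1.outputs)
    assert chain.confirm(pay1_mutated)

    child_orphaned = not chain.confirm(pay2)   # p1:1 will never exist
    original_dead = not chain.confirm(pay1)    # coinbase:0 is already spent
    repaired = chain.confirm(rebuild_child(pay2, "p1", "p1-mut"))
    return unsafe_at_zero_conf, child_orphaned, original_dead, repaired
```

`coffee_shop_scenario()` returns `(True, True, True, True)`: the second payment was already unsafe to accept at zero confirmations, it is permanently orphaned once the mutated parent is mined, the original parent can no longer confirm, and only a child rebuilt against the confirmed txid succeeds. A wallet that wants to spend unconfirmed change has to be ready to do that rebuild (and re-sign) automatically.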

That's because you believe too much of what's written on /r/bitcoin. It turns out Gox was correct to demand a fix. As soon as they described the issue, some hackers took advantage of it and launched an attack that exposed that indeed, everyone was affected.

That's exactly the way they got their hot wallets emptied. Their system wasn't even aware of the fact the money had been spent a long time ago. Have you not been paying attention to the last two weeks' worth of withdrawal problems?

Add to that the extreme levels of failed withdrawals in the last few days, and it constitutes clear evidence people were exploiting the flaw to try and double withdraw.

Note that MtGox has not confirmed any theft (and they probably never will say, considering their PR track record). But it's clear such a thing could have been done relatively easily, and the respective market prices reflect the expectation that MtGox is short on coins (especially since Bitstamp is not similarly affected).

There is an IRC log posted in the daily discussion thread with this quote:

[03:03am] MagicalTux: [12:02:41] <darsie> MagicalTux: If you don't do automatic resends of apparently failed withdrawals, the malleability is harmless. <- yes, but people who didn't get their btc for a different reason will be pissed off too

It sounds like MagicalTux is confirming MtGox automatically resent deposits if the initial transaction had its ID manipulated - if that's the case, the amount of Bitcoin lost by Gox could be quite substantial, since anybody exploiting the flaw could simply do withdrawals and deposits over and over until one 'succeeds'; their funds are doubled without any human intervention.

Other exchanges (i.e. Bitstamp) have come out and explicitly said they haven't lost any funds - Gox have NOT, and have also refused to prove solvency despite having done so in the past. I think it's quite clear Gox is short on coins and is buying time, else they would fix their wallet as other exchanges have done instead of passing the buck.

Other services may have relied on the same method to identify transactions and need to do work, and others are double-checking to make sure. The services that are prepared work just fine and haven't needed to make changes.

I like this idea, I wonder if there is a universal pizza delivery gift card for Papa Johns/Pizza Hut/Dominos, i.e. a dominos gift card that works at dominos no matter what country you reside in. If not, BTC donations may be the thing to do. They deserve to know how much we appreciate their efforts.